Address
Form of work
SalaryThe following is an overview of the Thick Application Penetration Test:
- Will evaluate the application for security vulnerabilities from the perspective of an authenticated user. If multiple user types exist, then will perform testing using each type. During the testing, manual and automated processes leverage commercial, open source, and proprietary software. All automated tests will be manually verified to minimize false positives.
- The penetration test will target common thick application attack vectors such as the file system, the registry, system memory, network communications, and graphical user interfaces.
Specific areas of focus will include, but are not limited to:
Static Analysis: During the static analysis phase of testing, will review the follow areas:
- Service account roles and permissions (client, application server, database server)
- Application file, folder, and registry permissions
- Application service, provider, WMI subscription, task, and other permissions
- Assembly compilation security flags
- Protection of data in transit
- Hardcoded sensitive data and authentication tokens (passwords, private keys, etc.)
- Hardcoded encryption material (keys, IVs, etc.)
- Use of insecure encryption and hashing algorithms
- Database user roles and permissions
- Database and server configurations
Dynamic Analysis: During the dynamic analysis phase of testing, will test and review the following areas:
- Authentication and authorization controls enforced on the client and server
- Application user roles and permissions
- Application workflow logic between GUI elements
- Web Services utilized by the application using web application testing methodology
- File system changes including file and folder creation, deletion, and modification
- Registry changes including creation, deletion, and modification of keys and values
- Application objects and information stored in memory during runtime
- Use of insecure encryption and hashing algorithms
- Network protocols utilized by the application (SMB, FTP, TFTP, etc.)
- Database connections
After identifying the strengths and weaknesses of the thick application(s) and Client's development and security program processes, will suggest strategies for improvement and assign priority to deficiencies based on potential business impact and likelihood of process failure or exploitation. Will also collaborate with stakeholders so that notable findings may then be analyzed and compared against program goals and compliance requirements.
C# Software Developer - Bristol/Hybrid - Salary £40K - £45K plus benefits including hybrid working, 22 days holiday bh, flexitime, gym membership, company pension and much more…
The Role
A new and exciting opportunity has become available for a C# Software Developer (C#, .Net Core , SQL) to join a rapidly growing software development and tech focused business based in Bristol offering hybrid working - you will only be in the office 3 days a week. As a Developer (C#, .Net Core , SQL) you will be responsible for a wide range of innovative projects from infrastructure asset management to maintaining customer satisfaction. You will play an integral role in contributing to the growth of the business and with it being a collaborative team; you'll have the ability to suggest new technologies and drive forward their technical direction. You will need to be ambitious and enjoy working in a fast-paced rapidly changing environment.
Software Developer role requirements:
- C#
- .Net Core
- SQL
The Company
This is an exciting, unique and creative technology business run by individuals who are passionate and open minded about technology and want like-minded individuals to join them on their journey. The company operates within the asset management industry and they are currently working on a customisable asset management software, that supports business objectives through powerful features, flexible function and mobile technology. They are a global company who are considered industry experts in what they do and offer a friendly and collaborative working environment. As part of the role you will be working alongside their world-class team of developers, product owners and project managers. They offer flexible working hours, pension scheme, dedicated training, development budgets and more.
Apply Now!
If you are a talented C# Software Developer looking to become part of a team focused on being the best, then this could be the right move for you. The role is urgent so don't miss out on the opportunity!
C# Software Developer - Bristol/Hybrid - Salary £40K - £45K plus benefits including hybrid working, 22 days holiday bh, flexitime, gym membership, company pension and much more…
Oscar Associates (UK) Limited is acting as an Employment Agency in relation to this vacancy.
To understand more about what we do with your data please review our privacy policy in the privacy section of the Oscar website.
